The Murky Origins of Flame

Flame, also known as Flamer and Skywiper, was at first widely believed to have appeared in 2010. However, evidence has mounted that the malware existed before then. Kaspersky Lab, for example, has found that some domains used by Flame for command and control (C&C) were registered as early as 2008. In addition, researchers with the Laboratory of Cryptography and System Security at the Budapest University of Technology and Economics have said the main component of the malware had been observed in the wild in 2007.

There are millions of pieces of malware out there, and it is not every day that one of them gets called the most complex of them all. However, in the eyes of some security researchers, the recently discovered Flame malware is living up to the hype. Emerging in late May and apparently targeting systems around the world, Flame appears to be a massive cyber-espionage toolkit that has prompted warnings from such diverse sources as the United Nations, antivirus software companies, and Iran's Computer Emergency Response Team (CERT). But just what is Flame, and what is it about the malware that has so many touting its sophistication and its potential threat? Whether it's actually performing significant espionage in the wild is unclear and widely debated. While the malware remains under investigation, details about its controlled burn through systems around the world are beginning to emerge. Here, eWEEK will try to penetrate the fog of speculation obscuring Flame and reveal what is actually known about this massive piece of malware.